Edward Snowden says (according to Reuters) that RSA Security accepted $10 million from the National Security Agency in exchange for installing (or allowing to have installed) a secret backdoor so the NSA could decrypt messages as it pleased. Hell no says RSA (a division of storage vendor EMC), stating in very strong terms that this was not at all the case. But then in a second day look at the RSA/EMC statement bloggers began to see the company as dissembling, their firm defense as really more of a non-denial denial. So what’s the truth here and what’s the lesson?

Twenty years ago, when I was writing Accidental Empires, my book about the PC industry, I included near the beginning a little rant about how good engineers were incapable of lying, because their work relied on Terminal A being positive and not negative and if they lied about such things then nothing would ever work. That was before I learned much about data security, where apparently lying is part of the game. Well, based on recent events at RSA, Lockheed Martin, and other places, I think lying should not be part of the game.

Was there a break-in? Was data stolen? Was there an unencrypted database of SecureID seeds and serial numbers? All we […]